Breach Week Cyber Security | Computer Rescue
Breachweek

Who Breached This Week? 22/01/2020 – 28/01/202

United Kingdom – EuroTickets2020
https://www.bleepingcomputer.com/news/security/euro-cup-and-olympics-ticket-reseller-hit-by-magecart/

Exploit: Malware attack
EuroTickets2020: Online ticket reseller

twib-severeRisk to Small Business: 2 = Severe: PlanetDrugsDirect sent emails and direct mail to its customers, notifying them of a data breach that compromised customers’ personal health information (PHI). In addition to customer blowback, PlanetDrugsDirect will face intense regulatory scrutiny because of the sensitive nature of the data compromised. Additionally, their response was ambiguous at best, minimizing the company’s ability to begin restoring customer confidence in the wake of the data breach.
twib-severeIndividual Risk: 2.428 = Severe: Anyone shopping on EuroTickets2020 on or after January 7th likely had their personal information and payment card details compromised. It’s recommended that those impacted by the breach notify their financial institution of the breach and request a new payment card. In addition, they should carefully monitor their accounts for unusual or suspicious activity.

 

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: More people than ever before are looking to make purchases online, but businesses erode their viability when they can’t secure the checkout process. MageCart and other payment skimming malware is increasingly common in online stores, which means that companies offering these services should actively look for this malware in their system. When it happens routinely, there is no need to be surprised by bad actors’ attack methodologies.

 

United Kingdom – Capita Education Services
https://www.theregister.co.uk/2020/01/22/capita_education_services_email_spaff/

Exploit: Accidental data sharing
Capita Education Services: Software management and support service

extreme gaugeRisk to Small Business: 2 = Severe: Capita Education Services accidentally sent an email to customers containing more than 100 user email addresses in the subject line. The event sparked a broad backlash from their customer base, who took to social media and discussion boards to complain about the company’s data privacy standards. Making matters worse, the message led many recipients to believe that they received a phishing scam, further eroding the brand’s reputation. This is the company’s second data breach in the past several years, and they face an uphill battle to regain the trust of their already incredulous customers.
correct severe gaugeIndividual Risk: 2.571 = Moderate: 100 users had their email addresses exposed in the data breach. This information directly puts users’ privacy at risk since it can be deployed in phishing scams or cybercrime. Those impacted by the breach should be on the lookout for these types of attacks.

 

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Customers are increasingly unwilling to work with companies that can’t protect their data. In this case, Capita Education Services relies on contracts from school districts that can’t afford a data breach, which could negatively impact their bottom line. However, regardless of the sector, nobody wants to work with a company that appears feckless or indifferent about data security.

 

Find out if your details are on the Dark Web – For Free.

Compromised credentials are used to conduct further criminal activity. Employees often use the same password for multiple services, such as network login, social media, and SaaS business applications, exponentially increasing the potential damage from a single compromised credential. Limited visibility when credentials are stolen; over 75% of compromised credentials are reported to the victim’s organisation by a third party, such as law enforcement. Click here now for a preliminary FREE Dark Web Scan for your business